Security Specialist - Senior

Company Description

Arthur Grand Technologies (www.arthurgrand.com) is in the business of providing staffing and technology consulting services. We have doubled our revenue year over year for the past 5 years. This speaks to the long-lasting relationship and customer satisfaction that we have built in this short span of time. Our company is managed by a team of professionals who worked for big 5 consulting firms for 20+ years. 

We are a minority owned staff augmentation and technology consulting company
To keep our valued employees, we need to keep them engaged in challenging, interesting work, offer market-relevant benefits and provide continued opportunities for professional growth.

Job Description

Position:  Security Specialist - Senior

Location: Toronto, Ontario (Hybrid)

Hybrid - 3 days on site and 2 days remote

MUST HAVES:

• Demonstrated experience in developing and applying leading practices in a large-scale Information Security, Technology Risk or Vendor Risk environments.
• Industry recognized qualifications and certifications in Information Security and/or Risk Management such as Certified Information Security Professional (CISSP), Certified in Risk and Information Systems Control (CRISC), Factor Analysis of Information Risk (FAIR) etc.)

Nice to have:

• OPS experience

Description

Responsibilities: 

• Provide Strategic Advisory services to meet ministry objectives pertaining to IT vendor risk management.      
• Review and update Standard Operating Procedures to improve IT Vendor Risk Management effectiveness leveraging industry best and leading practices.                                                                      
• Communicate and support implementation of Standard Operating Procedures (SOP) and document key controls for IT vendor risk management.                                                                      
• Work with stakeholders to collate and analyze vendor risk data to enable horizontal review across GovTechON. Deliver reporting and insights on 3rd IT Vendor risks to the management.                                   
• Provide ongoing IT vendor risk management deliverables assigned by IT Vendor Management Office.

Key Responsibilities:

• Provide strategic advisory services to ensure IT vendor risk data is captured, analyzed and shared to  enable aggregated  view of risks to inform future decision-making by GovTechON  leadership.                               
• Review, update and maintain IT Vendor Risk Management Standard Operating Procedures and guidelines, through ongoing maintenance, and periodic reviews to ensure emerging vendor supply chain risks are proactively identified and mitigated.                          
• Support SVM Program Manager in the development of KPIs, KRIs and analytics that will measure the effectiveness of the SVM program. Support periodic maturity assessments of the IT Vendor Risk Management program and ensure remediation of identified observations.             
• Collaborate as appropriate with information security, compliance, and/or disaster recovery (DR) and business continuity management (BCM) staff within GovTechON to review, update and support maintenance of IT Vendor Risk Management Standard Operating Procedures.                                                
• Collaborate as appropriate with GovTechON IT divisions and coordinate the identification and ranking of IT vendor risks. Coordinate the classification and tiering of IT-related vendors by risks and risk impacts.    
• Work cross functionally with other OPS stakeholders  to review, update and maintain IT Vendor Risk Management Standard Operating Procedures and guidelines.                 
• Maintain awareness of changes in the IT Industry that impact the IT Vendor Risk Management and ensure alignment with audit requirements.       
• Enable third party IT Vendor risk awareness and best practice sharing with various stakeholders and aid in the development of vendor IT risk management training modules.

Experience and Skill Set Requirements

Evaluation Breakdown

1. Technical Skills - 15%

• Demonstrated experience in developing and applying leading practices in a large-scale Information Security, Technology Risk or Vendor Risk environments.

2. IT Risk framework, policy, and standard development. Process development and improvement -10%            

• Demonstrated experience in framework, policy and IT standard development.
• Demonstrated experience in process development and improvement

3. IT Security Control Framework - 10%

• Advanced working experience with security control frameworks (e.g., ISO27001, NIST CSF, PCI DSS, etc.)

4. IT Risk Management (Governance, Risk and Compliance) tools, practices/methodologies - 10%

• Demonstrated experience with IT Governance, Risk and Compliance (GRC) tools, and Risk Management practices/ methodologies.

5. Stakeholder Engagement,  Facilitation Skills and Project Management - 10%

• Demonstrated experience in partnering with diverse stakeholders in complex scenarios with excellent liaison, communication, influence and presentation skills.
• Experience with Project Management practices in enterprise environments.

6. Industry recognized qualifications and certifications in Information Security and/or Risk Management - 15%

• Industry recognized qualifications and certifications in Information Security and/or Risk Management such as Certified Information Security Professional (CISSP), Certified in Risk and Information Systems Control (CRISC), Factor Analysis of Information Risk (FAIR) etc.)

Additional Information

All your information will be kept confidential according to EEO guidelines.